Averta

Master Slider

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2025-58025

  • EPSS 0.05%
  • Veröffentlicht 22.09.2025 18:23:57
  • Zuletzt bearbeitet 22.09.2025 21:22:16

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in averta Master Slider allows Stored XSS. This issue affects Master Slider: from n/a through 3.11.0.

5.4

CVE-2025-5291

  • EPSS 0.04%
  • Veröffentlicht 17.06.2025 11:23:37
  • Zuletzt bearbeitet 02.07.2025 19:33:43

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's masterslider_pb and ms_slide shortcodes in all versions up to, and including, 3.10.8 due to insufficient input sanitization...

4.3

CVE-2025-39412

  • EPSS 0.04%
  • Veröffentlicht 19.05.2025 17:25:26
  • Zuletzt bearbeitet 27.05.2025 16:33:11

Missing Authorization vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.10.8.

5.4

CVE-2024-13757

  • EPSS 0.06%
  • Veröffentlicht 05.03.2025 10:15:14
  • Zuletzt bearbeitet 26.05.2025 01:47:50

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_layer shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping ...

5.4

CVE-2024-11731

  • EPSS 0.06%
  • Veröffentlicht 05.03.2025 10:15:10
  • Zuletzt bearbeitet 26.05.2025 01:49:45

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_slider shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping...

3.5

CVE-2024-12173

Exploit
  • EPSS 0.07%
  • Veröffentlicht 19.02.2025 06:15:21
  • Zuletzt bearbeitet 15.05.2025 20:48:01

The Master Slider WordPress plugin before 3.10.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabili...

6.5

CVE-2024-6490

Exploit
  • EPSS 0.12%
  • Veröffentlicht 26.07.2024 06:15:02
  • Zuletzt bearbeitet 27.05.2025 16:32:41

During testing of the Master Slider WordPress plugin through 3.9.10, a CSRF vulnerability was found, which allows an unauthorized user to manipulate requests on behalf of the victim and thereby delete all of the sliders inside Master Slider WordPre...

6.1

CVE-2024-37222

  • EPSS 0.21%
  • Veröffentlicht 20.06.2024 15:15:50
  • Zuletzt bearbeitet 27.05.2025 16:42:50

Cross Site Scripting (XSS) vulnerability in Averta Master Slider allows Reflected XSS.This issue affects Master Slider: from n/a through 3.10.0.

4.3

CVE-2023-50900

  • EPSS 0.1%
  • Veröffentlicht 19.06.2024 10:15:09
  • Zuletzt bearbeitet 27.05.2025 16:46:23

Cross-Site Request Forgery (CSRF) vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.9.10.

5.4

CVE-2024-4375

  • EPSS 0.22%
  • Veröffentlicht 18.06.2024 03:15:09
  • Zuletzt bearbeitet 21.11.2024 09:42:43

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_layer' shortcode in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escapin...